基于API和Permission的Android恶意软件静态检测方法研究  被引量：3

作　　者：杨鸣坤 罗锦光 欧跃发 慕德俊[4] Yang Mingkun;Luo Jinguang;Ou Yuefa;Mu Dejun(College of Computer Science and Engineering,Guilin University of Aerospace Technology,Guilin 541004,Guangxi,China;Department of Electronic and Information Engineering,Guangxi Electrical Polytechnic Institute,Nanning 530007,Guangxi,China;School of Mechanical and Marine Engineering,Beibu Gulf University,Qinzhou 535011,Guangxi,China;School of Automation,Northwestern Polytechnical University,Xi’an 710072,Shaanxi,China)

机构地区：[1]桂林航天工业学院计算机科学与工程学院,广西桂林541004 [2]广西电力职业技术学院电子与信息工程系,广西南宁530007 [3]北部湾大学机械与船舶海洋工程学院,广西钦州535011 [4]西北工业大学自动化学院,陕西西安710072

出　　处：《计算机应用与软件》2020年第4期53-58,104,共7页Computer Applications and Software

基　　金：国家自然科学基金项目(61672433);桂林航天工业学院电子信息重点学科/物联网与大数据应用研究中心成果项目(KJPT201811);钦州市“互联网+先进制造”工程技术研究中心2017年重点开放课题(2017QGKZ03)。

摘　　要：当前大量的Android恶意软件在后台收集用户的位置信息、通话记录、电话号码及短信等信息并将其上传至指定服务器,造成了难以估量的危害。为解决此问题,提出一种Android恶意软件静态检测方法。对收集到的训练集中的所有APK文件进行静态反编译,提取其中的静态信息;对静态信息中的API和Permission进行统计学分析,得到API和Permission在恶意APK和正常APK中的使用率;根据它们的使用率确定基准API和Permission集合,将每一个APK转换成可参与计算的关于API和Permission的特征向量;利用改进的k-NN分类器,对待检测的APK进行分类判定。实验结果表明,该方法可以有效地对APK进行恶意分类。At present,a large number of Android malwares collect users location information,call records,phone numbers and short messages in the background and upload them to the specified server,causing incalculable harm.To solve this problem,this paper proposes a static detection method for Android malware.It performed static decompilation on all the APK files collected in the training set and extracted the static information;it made the statistical analysis for the API and Permission in the static information to obtain the usage rates of API and Permission in the malicious APK and normal APK;the benchmark API and Permission set were determined according to their usage rate,and then each APK was transformed into a feature vector of API and Permission that could participate in the calculation;the improved k-NN classifier was used to determine the APK to be detected.The experimental results show that the static detection method can effectively classify malicious APK.

关 键 词：ANDROID 恶意软件 静态检测 PERMISSION 机器学习 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]